
11 matches found

EUVD
added 2026/04/15 12:31 a.m. | 0 views

EUVD-2026-22738

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. A high-privileged attacker could exploit this vulnerability and exhaust system resources, reducing application speed. Exploitation o...

CVSS 2.4 | AI score 5.8 | EPSS 0.00032
Exploits: 0 | References: 2
EUVD
added 2026/04/15 12:31 a.m. | 0 views

EUVD-2026-22732

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outsi...

CVSS 8.6 | AI score 5.9 | EPSS 0.00074
Exploits: 0 | References: 2
CVE
added 2026/04/14 9:53 p.m. | 4 views

CVE-2026-27308

CVE-2026-27308 affects ColdFusion 2023.18, 2025.6 and earlier. It describes an Uncontrolled Resource Consumption vulnerability that can cause application denial-of-service by exhausting system resources. An attacker with high privileges, located adjacent to the target, can exploit this without use...

CVSS 2.4 | AI score 5.8 | EPSS 0.00032
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2026/04/14 9:53 p.m. | 13 views

CVE-2026-27305 ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outsi...

CVSS 8.6 | EPSS 0.00074
Exploits: 0 | References: 1
ATTACKERKB
added 2026/04/14 9:53 p.m. | 1 views

CVE-2026-27306

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Attacker requires elevated privileges. Exploitation of this issue requires user interaction in that a victim...

CVSS 8.4 | AI score 6.3 | EPSS 0.00138
Exploits: 0 | References: 2
CNNVD
added 2026/04/14 12:0 a.m. | 2 views

Adobe ColdFusion Path Traversal Vulnerability

Adobe ColdFusion is a rapid application development platform provided by Adobe Inc. This platform includes an integrated development environment and a scripting language. Versions of Adobe ColdFusion prior to 2023.18 and 2025.6 have a path traversal vulnerability. This vulnerability stems from a...

CVSS 7.7 | AI score 6.2 | EPSS 0.0008
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-30981

Malicious code in bioql PyPI...

CVSS 6.9 | AI score 6.6 | EPSS 0.00037
Exploits: 0 | References: 2
Cvelist
added 2025/09/24 3:49 p.m. | 5 views

CVE-2025-10360 Insufficiently Protected Credentials in Puppet Enterprise 2025.4 and 2025.5

In Puppet Enterprise versions 2025.4.0 and 2025.5, the encryption key used for encrypting content in the Infra Assistant database was not excluded from the files gathered by Puppet backup. The key is only present on the system if the user has a Puppet Enterprise Advanced license and has enabled t...

CVSS 6.9 | EPSS 0.00037
Exploits: 0 | References: 1
Positive Technologies
added 2025/09/24 12:0 a.m. | 2 views

PT-2025-39287

Name of the Vulnerable Software and Affected Versions: Puppet Enterprise versions 2025.4.0 through 2025.5. Description: The encryption key for the Infra Assistant database was not excluded from Puppet backups in Puppet Enterprise. This key is only present if a Puppet Enterprise Advanced license is...

CVSS 6.9 | AI score 6.6 | EPSS 0.00037
Exploits: 0 | References: 5
NVD
added 2025/08/16 7:15 a.m. | 2 views

CVE-2025-8089

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'additional' parameter in version less than, or equal to, 2025.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

CVSS 5.4 | EPSS 0.00057
Exploits: 0 | References: 3
Vulnrichment
added 2025/08/16 6:39 a.m. | 1 views

CVE-2025-8089 Advanced iFrame <= 2025.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'additional' parameter in version less than, or equal to, 2025.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

CVSS 5.4 | AI score 6 | EPSS 0.00057
Exploits: 0 | References: 3